Multi-factor authentication with Duo Security – update

Multi-factor authentication (MFA) is being rolled out at CSU during 2019, using Duo Security as the MFA solution to access sensitive and risky information and communications technology (ICT) services. 

What is multi-factor authentication?

MFA is one of the most effective controls that can be used to prevent an attacker from gaining access to IT services and sensitive information. It strengthens access security by requiring two or more methods – also referred to as factors – to verify your identity. These factors can include something you know – like a username and password, plus something you have – like a smartphone app to approve authentication requests, or a passcode generated using a smartphone app or hardware token.

The use of MFA is becoming common. You may be familiar with using it to access online banking, the MyGov website and other internet services, where in addition to logging in with your password, you have a second step to authenticate your identity.

The implementation of MFA at CSU reduces the risk of staff accounts being compromised, providing less opportunity for fraud. It’s an important activity in ensuring our compliance with the Audit Office of NSW and safeguarding the university’s reputation.

Which ICT services will use MFA?

The ICT services listed below have been selected to use MFA and will be progressively implemented during 2019.

  • PasswordState – implementation completed – January 2019
  • Cisco AnyConnect (VPN) Admin access “CSU-Admin” – implementation completed – May 2019
  • Cisco AnyConnect (VPN) Staff access “CSU-Staff” – implementation commenced – May 2019
  • Non-student VDI environments
  • Web Outlook
  • Critical systems privileged access
  • Dynamics 365 privileged admin access

A risk management approach is being used to consider other potential MFA candidates, which may result in the list of ICT services changing throughout the year.

Figure: MFA total monthly authentications (669 for February, 726 for March and 1,022 for April).

What happens next?

If you have accessed Cisco AnyConnect (VPN Staff) since September 2018, you should have received an email on 10 May with instructions on how to enrol and install Duo Security. To continue using Cisco AnyConnect (VPN Staff), you must enrol for MFA with Duo Security by 15 July 2019.

If you use VPN and have not received an email, you can register using the MFA Tool.

As soon as you have registered with Duo Security, start using MFA for VPN access with the “CSU-Staff” group when you next connect.

Note: You cannot install the Duo Security app on a laptop or desktop computer. The app is installed on your mobile device, and is used to provide the second factor to verify your identity when you log in to Cisco AnyConnect on your laptop or desktop.

More information

Step-by-step instructions and FAQs for using Duo Security are available on the multi-factor authentication web page.

If you have any questions about the implementation of multi-factor authentication, contact Shane Meekin-Sutherland on 84140.

Subscribe to DIT News to keep updated on the progress of MFA implementation at CSU.